Is Rebill really free to start?

Yes! Our free plan allows up to 10 invoices per month, 5 clients, and basic features. You can upgrade to Premium (R99/month) anytime for unlimited invoices, recurring billing, payment integration, and automatic reminders.

How do payment integrations work?

Connect your Paystack or Yoco account in settings. Your invoices will automatically include a Pay Now button. When clients click it, they can pay instantly with their card. The money goes directly to your payment provider account.

What about WhatsApp credits?

Premium subscribers get 20 free WhatsApp messages per month. Additional messages cost just 30c each, purchased in bundles from 50 to 1,000 credits.

Is my data safe and secure?

Absolutely. We use Google Cloud Platform for secure data storage with enterprise-grade encryption. All payment processing happens through PCI-compliant providers (Paystack/Yoco). We never see or store your clients' card details.

Can I cancel anytime?

Yes, you can cancel your premium subscription anytime from your account settings. Your data remains accessible, but you'll revert to free plan limits. No long-term contracts or cancellation fees.

POPIA Compliance

Last updated: December 2024

POPIA Compliant: Rebill is fully compliant with South Africa's Protection of Personal Information Act (POPIA), which came into effect on 1 July 2021.

1. About POPIA

The Protection of Personal Information Act (POPIA) is South Africa's data protection law that regulates how personal information is processed. It gives individuals rights over their personal information and places obligations on organizations that process personal information.

2. Our Commitment to POPIA

Rebill is committed to full compliance with POPIA. We have implemented comprehensive policies, procedures, and technical measures to ensure your personal information is protected according to POPIA requirements.

3. POPIA Principles We Follow

Accountability

We take responsibility for personal information in our possession
We have appointed a Data Protection Officer (DPO)
We maintain records of all processing activities
We conduct regular compliance audits

Processing Limitation

We only process personal information for specific, legitimate purposes
Processing is lawful, reasonable, and related to our business function
We obtain consent where required
We don't process more information than necessary

Purpose Specification

We clearly specify why we collect personal information
We inform you of the purpose at the time of collection
We don't use information for purposes other than specified
We obtain additional consent for new purposes

Further Processing Limitation

We don't process information for secondary purposes without consent
Any further processing is compatible with original purpose
We assess compatibility before any new processing

Information Quality

We ensure personal information is complete and accurate
We provide mechanisms for you to update your information
We regularly review and update information where necessary
We don't use inaccurate or incomplete information for decisions

Openness

We are transparent about our information processing practices
Our Privacy Policy is easily accessible
We provide clear information about data collection
We respond promptly to information requests

Security Safeguards

We implement appropriate technical and organizational measures
We protect against unauthorized access, modification, or disclosure
We use encryption for data transmission and storage
We conduct regular security assessments

Data Subject Participation

We respect your rights as a data subject
We provide mechanisms to exercise your rights
We respond to requests within prescribed timeframes
We don't charge unreasonable fees for access requests

4. Your Rights Under POPIA

As a data subject, POPIA gives you the following rights:

Right to Access

Request confirmation of whether we process your personal information
Access your personal information in our possession
Receive information about our processing activities
Get details about third parties who have access to your information

Right to Correction

Request correction of inaccurate personal information
Request completion of incomplete personal information
Request deletion of information that is no longer needed

Right to Object

Object to processing for direct marketing purposes
Object to processing that may cause harm or distress
Object to automated decision-making

Right to Withdraw Consent

Withdraw consent for processing at any time
Withdrawal doesn't affect lawfulness of prior processing
We'll inform you of consequences of withdrawal

5. Lawful Basis for Processing

We process your personal information based on the following lawful grounds:

Consent: You have given clear consent for processing
Contract: Processing is necessary for contract performance
Legal Obligation: Required by South African law
Legitimate Interest: For our legitimate business interests
Vital Interest: To protect someone's life or health

6. Data Transfers

When transferring personal information outside South Africa:

We ensure adequate level of protection
We use appropriate safeguards (contracts, certifications)
We obtain Information Regulator approval where required
We inform you of international transfers

7. Data Breach Response

In case of a data breach:

We'll notify the Information Regulator within 72 hours
We'll inform affected individuals without delay
We'll provide details about the breach and mitigation steps
We'll implement measures to prevent future breaches

8. Children's Information

For children's personal information:

We don't knowingly process information of children under 18
We require parental consent for children's information
We take extra care with children's information
Parents can request access to their child's information

9. Automated Decision-Making

Regarding automated processing:

We inform you of any automated decision-making
You have the right to request human intervention
You can express your point of view
You can contest automated decisions

10. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for:

Monitoring POPIA compliance
Conducting privacy impact assessments
Training staff on data protection
Handling data subject requests
Liaising with the Information Regulator

Contact our DPO: dpo@rebill.co.za

11. Exercising Your Rights

To exercise your POPIA rights:

Contact us at privacy@rebill.co.za
Specify which right you want to exercise
Provide sufficient information to verify your identity
We'll respond within 30 days (or inform you of any delay)
We'll provide information free of charge (unless requests are excessive)

12. Complaints

If you're not satisfied with how we handle your personal information:

Contact our DPO first: dpo@rebill.co.za
We'll investigate and respond within reasonable time
If unresolved, you can lodge a complaint with the Information Regulator
Information Regulator website: inforeg.org.za

13. Regular Reviews

We regularly review our POPIA compliance:

Annual compliance audits
Regular policy updates
Staff training and awareness programs
Monitoring of regulatory changes

14. Contact Information

For POPIA-related queries:

Privacy Officer: privacy@rebill.co.za
Data Protection Officer: dpo@rebill.co.za
General Inquiries: hello@rebill.co.za
Address: Cape Town, South Africa

Questions About POPIA?

We're committed to transparency about our POPIA compliance. If you have questions about how we protect your personal information, contact our Data Protection Officer.